﻿using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

builder.Services.AddControllers();

//添加身份认证
builder.Services.AddAuthentication("Bearer")
                .AddJwtBearer("Bearer", options => 
                {
                    //若不设置为false则必须使用https
                    options.RequireHttpsMetadata = false;
                    options.Authority = "http://localhost:5280";
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = false
                    };
                });

builder.Services.AddAuthorization(options => 
{
    options.AddPolicy("ApiScope", policy => 
    {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("scope", "api1");
    });
});


var app = builder.Build();

// Configure the HTTP request pipeline.

app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();
